SOLDES

Jusqu'à -70% sur une sélection d'articles*

Nouveauté

Security Gates in GitHub Actions. DevSecOps for Small Repositories and Side Projects

Par : Sloane Garrett
Offrir maintenant
Ou planifier dans votre panier
Disponible dans votre compte client Decitre ou Furet du Nord dès validation de votre commande. Le format ePub est :
  • Compatible avec une lecture sur My Vivlio (smartphone, tablette, ordinateur)
  • Compatible avec une lecture sur liseuses Vivlio
  • Pour les liseuses autres que Vivlio, vous devez utiliser le logiciel Adobe Digital Edition. Non compatible avec la lecture sur les liseuses Kindle, Remarkable et Sony
Logo Vivlio, qui est-ce ?

Notre partenaire de plateforme de lecture numérique où vous retrouverez l'ensemble de vos ebooks gratuitement

Pour en savoir plus sur nos ebooks, consultez notre aide en ligne ici
C'est si simple ! Lisez votre ebook avec l'app Vivlio sur votre tablette, mobile ou ordinateur :
Google PlayApp Store
  • FormatePub
  • ISBN8905162374
  • EAN9798905162374
  • Date de parution08/06/2026
  • Protection num.pas de protection
  • Taille614 Ko
  • Infos supplémentairesepub
  • ÉditeurChiify

Résumé

What if the next npm install you run silently adds a backdoor to your side project - and you don't notice until your API keys are on the dark web? Your GitHub repository has a secret problem. Not the kind you store in Settings > Secrets. The kind where your package-lock.json pins 47 vulnerable packages, your actions/checkout@v2 was deprecated six months ago, and that "helpful" contributor last week added a dependency with a post-install script that phones home. You don't have a security team.
You don't have a SOC 2 budget. What you have is this book - a field manual for solo developers who refuse to let their side projects become someone else's breach vector. Inside, you'll build automated security gates that catch the mistakes you make at 11 PM: dependency audits that fail CI before vulnerable code merges, secret scanners that block API keys before they reach GitHub's servers, container image scanners that find CVEs in your Docker base layers, and incident response playbooks that fit on one page because you don't have time for forty. Every chapter includes real, runnable YAML workflows and Python scripts - not theory.
You'll harden pull requests, enforce third-party action policies, set up canary deployments with automatic rollback, and generate SBOMs that prove your supply chain transparency. You'll learn when to patch immediately, when to document and wait, and when a simple sha256sum beats enterprise attestation. Stop pushing secrets at midnight - pre-commit hooks and CI scans that catch leaks before they fossilize in Git history Turn your pull request into a security checkpoint - required status checks that block merges until vulnerabilities, secrets, and static analysis pass Harden your .github/workflows folder - action pinning, SHA verification, and policies that prevent the next tj-actions supply chain attack Deploy with a safety net - canary health checks, automatic rollback, and .env validation that stops production crashes Build metrics that matter - weekly MTTP tracking, dependency freshness scores, and a 5-minute daily checklist that keeps your repo safer than most enterprise codebases Your repository is already under attack - by automated scanners, by compromised dependencies, by your own 2 AM fatigue.
Build the gates now. Before the alert that wakes you up.